The latest figures have the US still on top of spam production. However, the …

Share this story

Spam remains a big problem. Although users who take advantage of spam filters in their e-mail clients and from their ISPs may be seeing fewer Rolex-related e-mails in their inboxes, there's still more than enough to go around. Some countries are making strides in the ongoing war against spam, while others are being added to the casualty list.

Holding steady at the #1 spot for spam relays is the US. According to security firm Sophos, 24.5 percent of all spam originates from the US. This marks the first time that the figures for the US have dropped below 25 percent. South Korea also made strides against spam, with its share dropping to 9.7 percent. The big winner—or loser, depending on how you look at it—is China, which is closing in on the US with 22.3 percent. That's up 7 percentage points from Sophos' last look at spam in October 2005. France and Canada round out the top 5 with 5.0 percent and 3.0 percent respectively.

Most of the spam—60 percent—originates from "zombie" networks of compromised PCs, with most of the rest coming out of traditional mail servers. As we were reminded earlier this week, there's money to be made in assembling and selling zombie armies to serve ads and relay spam. In the US, zombified PCs have proven to be a problem for many ISPs. In May 2004, Comcast was singled out as the biggest source of spam on the Internet. After identifying the culpable IP addresses and blocking port 25 on those accounts, Comcast's spam output dropped 35 percent in just over a month.

One easy way to clamp down on zombie networks would be for more ISPs to monitor spam traffic on their networks and move decisively to take action against compromised PCs. It's been suggested before, but bears another mention: ISPs need to think about quarantining or taking compromised PCs offline. People have proven themselves willing to resign themselves to living with system slowdowns and other manifestations of malware infections, but if their 'Net access suddenly went "poof!" and they could only reach a server that offered patches and instructions on how to clean up their PC, that might get their attention.

Much has been made by the US and other governments over antispam legislation. CAN-SPAM, which went into effect at the beginning of 2004 has resulted in a handful of lawsuits, and a few criminal prosecutions. In a report issued in December 2005, the US Federal Trade Commission lauded the law, pointing to a 9 percent decrease in spam traffic over a one-year period. As we learned in Statistics 101, correlation does not equal causation. As Caesar pointed out, the drop is likely due to other factors such as better server-side filtering.

Overall, it's encouraging to see spam dropping in the US and other countries that have proven to be a major source of the problem. Hopefully countries where it is a growing problem, like China, will begin taking steps to curtail spam. Although we're nowhere near fulfilling Bill Gates' prophecy that spam would be dead by 2006, it appears that we're making progress.